From eb106cb46aaea07ddc3c46db63f99ab41b2cd835 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
Date: Thu, 20 Oct 2016 15:18:12 -0700
Subject: [PATCH] TPS token enrollment fails to setupSecureChannel when TPS and
 TKS security db is on fips mode.

Ticket #2513.

Simple fix allows the TPS and TKS the ability to obtain the proper internal token, even in FiPS mode.

(cherry picked from commit cb2cc3c7fd93e1a0519a0b530cbc2edbab7741cc)
(cherry picked from commit 7fae5790584855ea84b9c6ecf73058b6f0dfc1aa)
---
 .../cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
index db42cab..6dfd1d2 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
@@ -31,6 +31,7 @@ import sun.security.pkcs11.wrapper.PKCS11Constants;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class SecureChannelProtocol {
 
@@ -688,10 +689,11 @@ public class SecureChannelProtocol {
 
     public CryptoToken returnTokenByName(String name, CryptoManager manager) throws NoSuchTokenException {
 
+        CMS.debug("returnTokenByName: requested name: " + name);
         if (name == null || manager == null)
             throw new NoSuchTokenException();
 
-        if (name.equals("internal") || name.equals("Internal KeyStorage Token")) {
+        if(CryptoUtil.isInternalToken(name)) {
             return manager.getInternalKeyStorageToken();
         } else {
             return manager.getTokenByName(name);
-- 
1.8.3.1